I have been having a bear of a time getting Active Directory working with our ISA 2004 Server. I have gotten this to work on the regular network, that is, when the ISA and the PDC are on the same network. However, we are in the process of moving to a new network that represents both a physically different network and a different IP space. I will try to explain the problems.
Bottom line is this: when the firewall service in ISA 2004 is started, Active Directory does not work. Network A is the old network, which contains the AD servers. Network B is the new network, which contains the ISA 2004 server.
The two networks are joined by a router. In this router it has NAT rules that allow all connections back to the old network. The old network is allowed full access to the new network.
For whatever reason, the only way I can get ISA to work is by stopping the firewall service. Obviously this is not the best solution. When I try to remote desktop to the ISA server, I get the error that the domain does not exist or could not be contacted.
I have the ISA plugged into only 1 NIC, and it has a static IP address on the new network. I have all the add-ons disabled. Please help!
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,
when ISA is deployed using a single NIC, it doesn't act as a network firewall (it only serves to firewall itself). For ISA to work as a network firewall you MUST install two or more NICs.
Also, AD doesn't support NAT. You must route connections.
Thanks for the reply. Please elaborate your answers though.
If I must keep the server in single-NIC mode, then can I just disable the firewall service and leave it off? It seems that once that service is down it kills all the firewall rules; does anything else need those rules?
Also, for the NAT problem: it seems like the NAT is working. However, it's only failing when the firewall is not working. To be clear, I am not NATing on the ISA server; the NAT is transparent on the router. If I need to add routes, how do I go about doing that?
Hi,
quote:
If I must keep the server in single-NIC mode, then can I just disable the firewall service and leave it off? It seems that once that service is down it kills all the firewall rules; does anything else need those rules?
Also, for the NAT problem: it seems like the NAT is working. However, it's only failing when the firewall is not working. To be clear, I am not NATing on the ISA server; the NAT is transparent on the router. If I need to add routes, how do I go about doing that?
What are you trying to do? I don't fully understand this, but I'll try to give the best solution to what I interpret as your problem.
OK, what I gather is: two networks.
Old Network 192.168.x.x
New Network 10.10.x.x
You want the NEW network to be able to communicate with the old network, right!? Then just put a router in between the two networks! I'm not even sure where ISA comes into play here, because it's not a needed component to do what you're trying to do, ESPECIALLY since the ISA server has only 1 NIC card.
If you want to use ISA to join the 2 networks, then ISA needs at LEAST 2 NICs (one connected to the old network and one connected to the new network).
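The replies above make two points: the two networks should be joined by plain routing rather than NAT, and the ISA host itself needs a route to the old network so domain traffic reaches the DCs directly. The following batch script is an added example (not from the original thread, and not the poster's configuration) showing how an administrator would add and verify a persistent static route on the Windows Server 2003 host and then confirm that the domain controller locator works over that route. All addresses, the domain name and the router address are constructed placeholders taken from the 192.168.x.x / 10.10.x.x scheme mentioned in the thread.

```batch
@echo off
REM Added example: route the ISA host's traffic for the old network (192.168.0.0/16)
REM via the inter-network router instead of relying on NAT.
REM Placeholders (constructed, not from the thread):
REM   10.10.0.1      = router interface on the new network
REM   example.local  = AD domain name
REM   192.168.0.0/16 = old network where the domain controllers live

REM 1. Add a persistent static route (-p survives reboots) to the old network.
route -p ADD 192.168.0.0 MASK 255.255.0.0 10.10.0.1

REM 2. Verify the route is present in the active and persistent tables.
route PRINT | findstr /C:"192.168.0.0"

REM 3. Clear stale name resolution before testing the domain.
ipconfig /flushdns

REM 4. Confirm DNS returns the DC SRV records (the ISA host's DNS server must
REM    be a DC or a DNS server that hosts the AD zone on the old network).
nslookup -type=SRV _ldap._tcp.dc._msdcs.example.local

REM 5. Ask the DC locator to find a domain controller; "domain does not exist or
REM    could not be contacted" at this step means DNS or routing is still wrong,
REM    not the firewall rules.
nltest /dsgetdc:example.local

REM 6. Check that the secure channel to the domain is healthy.
nltest /sc_query:example.local
```

Run this from an elevated command prompt on the ISA host after the router on each side has a route (not a NAT rule) for the other network. If step 4 fails, fix the DNS server setting on the NIC before looking at ISA at all; if step 4 works but step 5 fails, the router is still translating or blocking the RPC, LDAP and Kerberos traffic that AD needs to pass unmodified.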